Need to call ldap in App Engine's Python environment - python

I'm trying to add an LDAP authentication backend to a Django project running over GAE.
The project runs ok. The only problem really is LDAP is not supported by GAE. I mean:
import ldap
will generate a server error. Nonetheless, I do know that I could make my own modules available through zipimport.
Does anybody have any experience solving similar issues? Can this sort of workaround be an effective solution considering lower level dependencies?
Thanks!
A.

App Engine doesn't let you open sockets directly. Unless the LDAP server you're planning to connect to has an internet-visible HTTP front-end, you need a Plan B. (E.g., you could periodically upload an extract from LDAP to your App.)
See http://code.google.com/appengine/docs/python/runtime.html#The_Sandbox

Related

How to deploy flask GUI web application only locally with exe file?

I'd like to build a GUI for a few Python functions I've written that pull data from MS SQL Server. My boss wants me to share the magic of Python & SQL with the rest of the team, without them having to learn any coding.
I've decided to go down the route of using Flask to create a webapp and creating an executable file using pyinstaller. I'd like it to work similarly to Jupyter Notebook, where you click on the file and it opens the notebook in your browser.
I was able to hack together some code to get a working prototype of the GUI. The issue is I don't know how to deploy it. I need the GUI/Webapp to only run on the local computer for the user I sent the file to, and I don't want it accessible via the internet (because of proprietary company data, security issues, etc).
The only documentation I've been able to find for deploying Flask is going the routine route of a web server.
So the question is, can anyone provide any guidance on how to deploy my GUI WebApp so that it's only available to the user who has the file, and not on the world wide web?
Thank you!
So, a few assumptions-- since you're a business and you're rocking a SQLServer-- you likely have Active Directory, and the computers that you care to access this app are all hooked into that domain (so, in reality, you, or your system admin does have full control over those computers).
Also, the primary function of the app is to access a SQLServer to populate itself with data before doing something with that data. If you're deploying that app, I'm guessing you're probably also including the SQLServer login details along with it.
With that in mind, I would just serve the Flask app on the network on its own machine (maybe even the SQLServer machine if you have the choice), and then either implement security within the app that feeds off AD to authenticate, or just have a simple user/pass authentication you can distribute to users. By default random computers online aren't going to be able to access that app unless you've set your firewalls to deliberately route WAN traffic to it.
That way, you control the Flask server-- updates only have to occur at one point, making development easier, and users simply have to open up a link in an email you send, or a shortcut you leave on their desktop.
Unfortunately, you do not have control over a given user's computer.
You are using flask, so your application is a web application which will be exposing your data to some port. I believe the default flask port is 5000.
Regardless, if your user opens the given port in their firewall, and this is also open on whatever router you are connected to, then your application will be publicly visible.
There is nothing that you can do from your python application code to prevent this.
Having said all of that, if you are running on 5000, it is highly unlikely your user will have this port publicly exposed. If you are running on port 80 or 8080, then the chances are higher that you might be exposing something.
A follow up question would be where is the database your web app is connecting to? Is it also on your user's machine? If not, and your web app can connect to it regardless of whose machine you run it on, I would be more concerned about your DB being publicly exposed.
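Added example, not code from the question or from either answer: a standard-library WSGI wrapper that serves only loopback clients and requires a per-launch token in the URL, the way Jupyter opens a notebook in the browser. `LocalOnly`, `demo_app` and the `token` query parameter are names assumed for illustration; a Flask app would be wrapped with `app.wsgi_app = LocalOnly(app.wsgi_app, token)`.

```python
import hmac
import ipaddress
import secrets
from urllib.parse import parse_qs

LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}


class LocalOnly:
    """WSGI middleware: loopback peer, loopback Host header, per-launch token."""

    def __init__(self, app, token):
        self.app, self.token = app, token

    def allowed(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        # Host check stops a foreign name that resolves to 127.0.0.1 (DNS rebinding).
        host = environ.get("HTTP_HOST", "").rsplit(":", 1)[0]
        if not peer.is_loopback or host not in LOOPBACK_HOSTS:
            return False
        supplied = parse_qs(environ.get("QUERY_STRING", "")).get("token", [""])[0]
        return hmac.compare_digest(supplied.encode(), self.token.encode())

    def __call__(self, environ, start_response):
        if not self.allowed(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Hypothetical stand-in for the Flask app from the question.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"report data\n"]


if __name__ == "__main__":
    import webbrowser
    from wsgiref.simple_server import make_server

    token = secrets.token_urlsafe(32)  # fresh secret for every launch
    # Bind to loopback only; port 0 lets the OS pick a free port.
    server = make_server("127.0.0.1", 0, LocalOnly(demo_app, token))
    webbrowser.open(f"http://127.0.0.1:{server.server_port}/?token={token}")
    server.serve_forever()
```

The token is checked on every request, so links inside the app have to carry it, or the app has to exchange it for a session cookie after the first request.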

Running One Instance of Google App Engine with frontend in nodejs and backend server in python

I'm getting my feet wet with GCP and GAE, also nodejs and python and networking (I know).
[+] What I have:
Basically I have some nodejs code that takes in some input and is supposed to then send that input to some python code that will do more stuff to it. My first idea was to deploy the nodejs code via GAE, then host the python code in a python server, then make post requests from the nodejs front-end to the python server backend.
[+] What I would like to be able to do:
just deploy both my nodejs code and my python code in the same project and instance of GAE so that the nodejs is the frontend that people see but so that the python server is also running in the same environment and can just communicate with the nodejs without sending anything online.
[+] What I have read
https://www.netguru.co/blog/use-node-js-backend
Google App Engine - Front and Backend Web Development
and countless other google searches for this type of setup but to no avail.
If anyone can point me in the right direction I would really appreciate it.
You can't have both python and nodejs running in the same instance, but they can run as separate services, each with their own instance(s) inside the same GAE app/project. See Service isolation and maybe Deploying different languages services to the same Application [Google App Engine]
Using post requests can work pretty well, but will likely take some effort to ensure no outside access.
Since you intend to use as frontend the nodejs service you're limited to using only the flexible environment for it, which limits the inter-service communication options - you can't use push queues (properly supported only in the standard environment) which IMHO would be a better/more secure solution than post requests.
Another secure communication option would be for the nodejs service to place the data into the datastore and have the python service pick it up from there - the datastore is shared by all instances/versions/services inside the same GAE app. Also more loosely coupled IMHO - each service can function (at least for a while) without the other being alive (not possible if using the post requests).
Maybe of interest: How to tell if a Google App Engine documentation page applies to the standard or the flexible environment
UPDATE:
Node.JS is currently available in the standard environment as well, so you can use those features, see:
Now, you can deploy your Node.js app to App Engine standard environment
Google App Engine Node.js Standard Environment Documentation

Remote access to MySQL DB hosted in OpenShift (not looking for the port forwarding solution)

I spent the whole yesterday migrating my django application to OpenShift (I selected the free solution and my application is using one small gear). My application is now up and running and there are no issues visiting the site using a browser.
However I have a .NET (C#) application which accompanies the web application and it will be run by many different users and it needs to access the database but I can not find a way to do this in OpenShift.
All the different IP addresses seem to be local and I can not find a way to access the MySQL database remotely. Below are the environment variables from OpenShift:
env | grep MYSQL
OPENSHIFT_MYSQL_DIR=/var/lib/openshift/.../mysql/
OPENSHIFT_MYSQL_DB_PORT=3306
OPENSHIFT_MYSQL_DB_HOST=127.13.169.130
OPENSHIFT_MYSQL_DB_PASSWORD=...
OPENSHIFT_MYSQL_IDENT=redhat:mysql:5.5:0.2.9
OPENSHIFT_MYSQL_DB_USERNAME=...
OPENSHIFT_MYSQL_DB_SOCKET=/var/lib/openshift/.../mysql//socket/mysql.sock
OPENSHIFT_MYSQL_DB_URL=mysql://..-...#127.13.169.130:3306/
OPENSHIFT_MYSQL_DB_LOG_DIR=/var/lib/openshift/.../mysql//log/
OPENSHIFT_MYSQL_LD_LIBRARY_PATH_ELEMENT=/opt/rh/mysql55/root/usr/lib64
As explained in the title I am not looking for the port forwarding solution. (I need to make it work not only for me but all the users)
What am I missing?
Why can't databases be accessed externally?
What should I do?
Are there any other FREE paas out there which offer what I am looking for?
Do I need to get a medium or big gear in order for this to work?
Thanks
If you don't want to use port forwarding, then I would suggest you write an API that your .NET application can use to access the database. Otherwise you would want to look into an externally hosted database (DBaaS) solution.
OK, lots of googling and I now know that using the free solution provided by OpenShift it is not possible to solve this issue.
You must upgrade to a paid version in order to get another port to access the sql database directly.

Decentralized authentication against Windows domain

There are many solutions for third-party decentralized authentication that are pretty simple to set up: log in with Facebook credentials, OpenID, OAuth etc.
How can I do something similar inside the firewall, in a Windows domain environment?
The scenario:
Python web application inside the firewall, hosted on a Linux server.
Users have Windows desktops and authenticate to a Windows domain
I know I can validate a username/password against Active Directory using LDAP, but that is not what I want. I don't want my app to handle the username/password at all. I want it to work as OpenID does, i.e. my app redirects the user to some sort of Windows identity provider web page.
Is there an out-of-the-box Windows/IIS solution for this?
EDIT:
Could Windows Identity Foundation be what I'm looking for? Or perhaps WIF has the building blocks?
At the risk of giving too many answers, it sounds to me like ADFS 2.0 is your path of least resistance. As far as integrating claims based access into your python application, I've seen pysaml2 recommended as a way to do this, but I can't speak from experience.
I'm not a Windows guy, but Crowd from Atlassian:
Will run on Windows
Can authenticate against Active Directory
Includes an OpenID provider
So if your application can handle OpenID, you'd have everything you need.
WIF together with Azure ACS will provide this out of the box. e.g. Adding a Custom OpenID Provider to ACS… with JUST ONE LINE of PowerShell Code.
Or you could integrate with Dot Net Open Auth either with your own STS or using something like Identity Server.

Hosting a tornado/websocket application

I wrote an application which makes use of the websocket implementation of Tornado and I am trying to find a host for it. As far as I can tell by reading google search results, google appengine does not support websockets at the moment. I'm not sure about heroku since I couldn't find any information. So my question is, if anybody knows a hoster where I could host my application?
The easiest thing might be to use a general IaaS (Infrastructure as a Service) cloud provider such as Amazon EC2 or Rackspace. Or even just use a regular hosted server like with Dreamhost. With those you get direct access to the OS and network configuration and you can do whatever you want. The downside is those will be more expensive and for EC2 and Rackspace you will need to manage the host itself.
Update: you can now use Websockets on Heroku. Here is some information about using Websockets with Python on Heroku.
